All English versions are provided for reference purposes only. In any event, the Japanese version shall prevail.
1. Definition of personal information
Name, date of birth, and other descriptions contained in the information (any information described in not limited to electromagnetic records and expressed in documents, drawings, sounds, actions. Including those that can be matched against and can be used to identify specific individuals.)
Information including personal identification code
2. Purpose of use of personal information
We use personal information for the following purposes.
To provide OFUSE, pib, POTOFU and other services of the Company (referred to as “this service”)
To prevent unauthorized use of this service
To create statistical data on the use of this service
To conduct questionnaires regarding this service
To respond to inquiries regarding this service
To provide information on our products and services
To respond to actions that violate the Company's terms, policies, etc. ("Terms and whatsoever") regarding this service
To notify the changes to the terms of service and whatsoever
To help improve our services and develop new services
For employment management and internal procedures (personal information of officers and employees), selection and communication in recruitment activities (personal information of applicants)
Shareholder management, company law, and other legal procedures (not limited to shareholders, stock acquisition rights holders.)
To create statistical data processed for our service in a form that does not identify individuals.
To perform tasks entrusted to us by third parties.
For other purposes incidental to the purposes above
3. Change of purpose of use of personal information
The Company may change the purpose of use of personal information to the extent that the change is reasonably recognized to be relevant, and will notify the individual who is the subject of the personal information (referred to as “the person”) of the change or publish it.
4. Restrictions on the use of personal information
Unless permitted by the Personal Information Protection Law or other laws, we will not handle personal information beyond the scope necessary to achieve the purpose of use without obtaining the consent of the person. However, this does not apply in the following cases.
When required by law
When it is necessary for the protection of human life, body or property and it is difficult to obtain the consent of the person
When it is particularly necessary to improve public health or promote the sound development of children, and it is difficult to obtain the consent of the person
In cases where it is necessary to cooperate with a national institution or local public entity, or a person entrusted by it, in carrying out the affairs stipulated by laws and regulations, and when there is a risk of interference by acquiring the consent of the person.
5. Proper acquisition of personal information
5.1 The company will acquire personal information appropriately and will not acquire it by deception or other illegal means.
5.2 The Company shall not obtain sensitive personal information (refers to the information defined in Article 2, Paragraph 3 of the Personal Information Protection Law) without the prior consent of the person except in the following cases.
Cases falling under any of the items in paragraph 4
When the special care-required personal information is disclosed by the person, national institution, local public entity, person listed in items of Article 76, Paragraph 1 of the Personal Information Protection Law, or other persons specified by the Rules of the Personal Information Protection Committee
When there is a risk of acquiring the special care-required personal information by viewing or photographing the person
When the provision of the special care-required personal information is received from a third party and the provision by the third party falls under any of the items in Section 7.1
5.3 When receiving personal information from a third party, the Company shall confirm the following items as stipulated in the Regulations of the Personal Information Protection Committee, unless the provision of the personal information by the third party falls under any of the items in Section 4 or falls under any of the items in Section 7.1.
The name or address of the third party, and the name or address of the representative of a corporation (in the case of a non-corporate organization with a designated representative or manager, the name and address of the representative or manager)
Process of acquisition of personal information by the third party
6. Safety management of personal information
We will provide necessary and appropriate supervision to our employees so that personal information can be safely managed against risks such as loss, destruction, falsification, and leakage of personal information. In addition, when the Company entrusts all or part of the handling of personal information, necessary and appropriate supervision is performed so that the personal information can be managed safely at the outsourcer.
7. Provision to third parties
7.1 The Company will not provide personal information to a third party without obtaining the prior consent of the person except for cases falling under any of the items in paragraph 4. However, the following cases do not fall under the provision to the third party specified above.
When personal information is provided within the scope necessary to achieve the purpose of use, by entrusting all or part of the handling of personal information
When personal information is provided in connection with business succession due to a merger or other reasons
7.2 Notwithstanding the provisions of Section 7.1, except for cases falling under any of the items of Paragraph 4, when providing personal information to a third party (excluding those who have established a system that conforms to the standards specified in the Personal Information Protection Committee rules based on Article 24 of the Personal Information Protection Law) in a foreign country (except those designated by the Personal Information Protection Commission rules under Article 24 of the Personal Information Protection Law), the Company shall obtain the consent of the person in advance to permit the provision to a third party in a foreign country.
7.3 When personal information is provided to a third party, the Company creates and stores records in accordance with Article 25 of the Personal Information Protection Law.
7.4 When receiving personal information from a third party, the Company shall make necessary checks in accordance with Article 26 of the Personal Information Protection Law, and create and store records related to such confirmation.
8. Disclosure of personal information
When the person requests the Company to disclose personal information based on the provisions of the Personal Information Protection Law, the Company will disclose it to the person without delay after confirming that the request is from the person. (If there is no such personal information, we will notify him/her.) However, this does not apply if the Company is not obligated to disclose it under the Personal Information Protection Law or other laws. Please note that a fee is charged for the disclosure of personal information. The amount of such fee shall be determined by the Company within a reasonable range considering actual costs, and shall be notified to the person without delay after receiving a request for disclosure.
9. Correction of personal information
If the person requests the Company, based on the provisions of the Personal Information Protection Law, to make a correction, addition, or deletion (referred to as “correction, etc.”) of the content because the personal information is not accurate, the Company will, after confirming that the request is from the person himself/herself, conduct the necessary investigations without delay within the scope necessary to achieve the purpose of use and, based on the results, correct the contents of the personal information. (If it is decided not to make corrections, we will notify the person.) However, this shall not apply if the Company is not obliged to make corrections under the Personal Information Protection Law or other laws.
10. Suspension of use of personal information
If the person requests, based on the provisions of the Personal Information Protection Law, that the Company suspend the use of or erase personal information (referred to as “use cessation and whatsoever”) because the personal information is handled beyond the scope of the purpose of use that has been publicized in advance or was obtained by deception or other wrongful means, or requests that the Company stop providing personal information (referred to as “stop providing”) because it is provided to a third party without the consent of the individual, and it is found that there is a reason for the request, the Company will, after confirming that the request is from the person himself/herself, stop using the personal information or stop providing it without delay and notify the person to that effect. However, this shall not apply to cases where the Company is not obligated to suspend use or to suspend provision due to the Personal Information Protection Law and other laws and regulations.
11. Handling of anonymously processed information
11.1 For anonymously processed information (meaning what is defined in Article 2, Paragraph 9 of the Personal Information Protection Law, limited to that which constitutes the Anonymously Processed Information Database and whatsoever defined in Article 2, Paragraph 10 of the Law), personal information shall be processed in accordance with the standards outlined in the Personal Information Protection Committee Rules.
11.2 When anonymized information is created, the Company will take measures for safety management in accordance with the standards stipulated in the Personal Information Protection Committee Rules.
11.3 When we create anonymously processed information, we will publish the items of personal information included in the anonymously processed information as stipulated in the Personal Information Protection Committee Rules.
11.4 When we provide anonymously processed information (including information created by us and provided by third parties; the same shall apply unless otherwise specified) to third parties, we will, according to the Personal Information Protection Committee Rules, announce in advance the information items related to individuals included in the anonymously processed information provided to third parties and the method of providing them, and clarify to the third parties that the information provided is anonymously processed information.
11.5 In handling anonymously processed information, the Company shall not, in order to identify the person concerned with the personal information used to create the anonymously processed information, (1) match the anonymously processed information with other information, or (2) acquire information regarding the description etc. deleted from the personal information, the personal identification code, or the processing method performed under the provisions of Article 36, Paragraph 1 of the Personal Information Protection Law. ((2) is only for the anonymously processed information provided by a third party.)
11.6 The Company will take necessary and appropriate measures for the safe management of anonymously processed information, for handling complaints regarding the creation and other handling of anonymously processed information, and other measures necessary to ensure proper handling of anonymously processed information, and will endeavor to publicize the details of such measures.
If you have any requests regarding disclosure, comments, questions, complaints, or other inquiries regarding the handling of personal information, please contact the following contact.
14. Continuous improvement
15. Handling of personal data provided based on adequacy certification
In addition to the provisions of the preceding paragraphs, the following provisions apply to personal data provided based on the adequacy certification defined below, and if the provisions of this paragraph differ from the provisions of the preceding paragraphs, this paragraph shall prevail.
“EU” means the European Union, including the Member States of the European Union and, based on the European Economic Area (EEA) Agreement, Iceland, Liechtenstein, and Norway.
“GDPR” means the Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
“Adequacy certification” means a decision by the European Commission that recognizes a country or region as having an adequate level of protection for personal data in accordance with Article 45 of the GDPR.
15.2 If personal data provided to the Company from within the EU based on the adequacy certification contains information on sex life, sexual orientation, or trade unions, which is defined as “special categories of personal data” under the GDPR, the information shall be treated as sensitive personal information.
15.3 Personal data provided to the Company from within the EU based on the adequacy certification shall, regardless of the period within which it is intended to be erased, be treated as retained personal data stipulated in Article 2, Paragraph 7 of the Act on the Protection of Personal Information, unless it falls under “what is stipulated by Cabinet Ordinance as being harmful to the public interest or other interests when the existence of such data becomes clear” in the same paragraph.
15.4 When the Company receives personal data from within the EU based on the adequacy certification, we will confirm and record the history of its acquisition, including the purpose of use specified when receiving the provision of such personal data from within the EU, based on the provisions of Article 26, Paragraphs 1 and 3 of the Personal Information Protection Act.
15.5 If the Company receives the provision of personal data from another personal information handling business that has received the provision of personal data based on the adequacy certification from within the EU, pursuant to the provisions of Article 26, Paragraphs 1 and 3 of the Personal Information Protection Act, we will confirm and record the history of acquisition of such personal data, including the purpose of use specified when receiving the provision of such personal data.
15.6 The Company identifies the purpose of use within the scope of the purpose of use specified at the time of receiving the provision initially or thereafter, with respect to the personal data confirmed and recorded pursuant to 15.4 or 15.5, and the personal data shall be used within that scope.
15.7 When we provide personal data provided based on the adequacy certification from within the EU to a third party in a foreign country, in obtaining the consent of the person pursuant to paragraph 7.2, we will provide the information on the status of the transfer destination that is necessary for the person to make a decision on consent, and then obtain the consent of the person in advance to permit the provision of personal data to a third party in a foreign country.
15.8 Personal data provided based on adequacy certification from within the EU will be considered anonymously processed information only when it is made impossible for anyone to re-identify the anonymized individual by deleting the information on processing methods, etc. (descriptions deleted from personal information used to create anonymously processed information, personal identification codes, and information on the method of processing performed pursuant to Article 36, Paragraph 1 of the Personal Information Protection Act, limited to those that can be used to restore the personal information).
Established date: March 20, 2018
Revision date: July 14, 2019
Revision date: December 30, 2021
Revision date: April 1, 2022
Revision date: September 16, 2023